Seriously appreciate this. Idk if you're just on my wavelength but this makes the most sense out of the socket IO and rooms tutorials I've seen so far. You quickly and perfectly explain what you're doing and why you're doing it without going overboard, and even though I'm working on an app that's not the same as the chat you make in this tutorial, I'm actually able to follow along and pick out or edit as needed without losing functionality.
Damn, usually I speed these things up and had to check I hadn't increased playback speed, this guy talks fast! I like it!
me too 😂
Just adding a callback to the original socket message is genius. Far more elegant than having to respond with a whole new message. Thanks!
Great tutorial. Thanks a lot!
This is still such a good video, super useful.
Thanks for the video. Really well explained!
One bit of constructive criticism though - I like the fast pace but at times it sounds like you're rushing and some words are hard to understand. I had to check I didn't have you set to 1.5x speed lol
That was awesome. Love that you speak fast.
You've totally nailed this socket io stuff! Looking forward to the client side part :)
Thank you! Well I certainly hope the client side part won’t disappoint
I think it is not safe for the server to call a function passed by a client. That function could be anything. Moreover, you are revealing to the client that you are using a Javascript backend.
this guy speaks so fast, i love it
It's the best explanation that I've seen
Thank you very much. This is an amazing tutorial, very well explained. You helped me save a lot of time.
Set speed to 0.75 and everything for me is now clear
slow down bruhh. M here to learn, but you're on a train.
You can just watch it slowed to x0.75, the video won't be that longer
1337. What a throwback ! Great pace for your vid. What do you do when you’re not making RUclips vids, got a blog or something I can read?
Hey Chaim! This was a magnificent video, thank you so much for putting this beauty together! 🏆🎊🙌🏽
I'd like to voice an educated guess: the client-side defined callback may be a security risk. I'm thinking that a highly motivated attacker could reverse engineer your build js file and alter the callback to do something malicious, and it will run on your server regardless. That's my immediate thought, but I'll have to watch the next video to see how you do the cb. I read it in the docs a few weeks ago but I didn't understand it then. Do you have an opinion on this?
Again, phenomenal explanation of the "rooms" concept! 💯😎
Amazing! Keep the content flowing!
Explanations are on point👌🏻 but damn I thought the video was sped up🤣
10:16 wouldn't that be insecure? Since people can modify the client javascript and execute another function?
if your function is e.g. `console.log` this will not trigger `console.log` on the server, just on the client. it's literally like emitting a response back containing the function name and arguments and the client calling the function, but it's a built-in thing to save you that client-side code
Very Well Explained!
You got a new subscriber,
Thanks.
you make my adhd very happy
Haha happy to help
Thanks a lot! By the way, cb(callback) is equal to ack. It may cause confusion because I am applying this in the java spring boot application and I couldn't find anything about the callback. So just i wanted to mention it. Thank you again :)))
This is awesome but I have a question if I wanted to remove a user from channel(room) how can I do it??
Very cool! Thank you for doing these videos. Btw, I think the link to the code repository for this video is not correct.
Awesome video. Incredibly lucid.
Really awesome tutorial!
I am kind of concerned about the security of letting the client send a callback function to run on the server though. I've just been getting deeper into security, so maybe I'm paranoid, but it seems very vulnerable to some sort of code injection?
I don't agree with you passing a callback function from the client side this is literally the most dangerous thing you can do because hackers
@Amir Moeen Rahmani well you see what he does is he gets a function from the user and executes it on the backend but the user can put whatever malicious code he wants in that function with that the hacker can: crash your backend, make a never ending loop preventing the backend from functioning properly, steal all the data he wants, and the list goes on. This dude is legit letting anyone send a function to the backend that will get executed even I with 0 hacking skills could crash his backend
This is the docs from socket.io talking about this approach. socket.io/docs/v3/emitting-events/
Scroll down to Acknowledgements
I should also mention that there is no risk here because this is not code that executes user code. A good example where one might worry about executing user code is with the common XSS attack. For example, you have a blog, and then you have comments, now a user can make a comment have a script tag and then add their own JavaScript to this script which will execute on your website. This works because when you render a script tag, the code within executes.
In this case however, you are not taking user entered data and passing it along to an environment that can execute this code.
Hope this helps clear things up.
@@CodingWithChaim But can I not write a regular node script that will connect to the server and emit an event with the malicious function?
@@ЖукОбычниик When the server executes the callback provided by the client, it is essentially sending a message back to the client that triggers the client's function. The server does not run the client's code directly.
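The acknowledgement mechanism debated in this thread, as an added example that is not from the video, the commenters or Socket.IO's own source: a simplified model showing that only an ack id crosses the wire and that the server calls a stub it built itself. The names `makeClient`, `makeServer` and `join-room` are hypothetical and the packets are constructed; the handler also shows the check a server still needs, because a hand-written client can omit the ack or put a string where the callback is expected.

```javascript
// Simplified model of Socket.IO acknowledgements (added illustration, not library code).
function makeClient(sendToServer) {
  const pendingAcks = new Map(); // ack id -> callback; never leaves the client
  let nextId = 0;
  return {
    emit(event, ...args) {
      const packet = { type: "EVENT", data: [event] };
      if (typeof args[args.length - 1] === "function") {
        packet.id = nextId++;
        pendingAcks.set(packet.id, args.pop());
      }
      packet.data.push(...args);
      sendToServer(JSON.stringify(packet)); // only text crosses the wire
    },
    receive(raw) {
      const { type, id, data } = JSON.parse(raw);
      const cb = type === "ACK" && pendingAcks.get(id);
      if (cb) { pendingAcks.delete(id); cb(...data); } // runs on the client, once
    },
  };
}
function makeServer(handlers, sendToClient) {
  return function onPacket(raw) {
    const { id, data: [event, ...args] } = JSON.parse(raw);
    // The server builds its own stub: calling it only sends an ACK packet back.
    if (id !== undefined) {
      args.push((...reply) => sendToClient(JSON.stringify({ type: "ACK", id, data: reply })));
    }
    if (Object.hasOwn(handlers, event)) handlers[event](...args);
  };
}

// Hardened handler: a hand-written client may omit the ack or send odd arguments.
const handlers = {
  "join-room"(room, cb) {
    if (typeof cb !== "function") return; // calling a missing ack would throw a TypeError
    if (typeof room !== "string" || room.length > 32) return cb({ ok: false });
    cb({ ok: true, room });
  },
};
function demo() {
  const wire = [];
  let result = null, client;
  const server = makeServer(handlers, (raw) => { wire.push(raw); client.receive(raw); });
  client = makeClient((raw) => { wire.push(raw); server(raw); });
  client.emit("join-room", "lobby", (res) => { result = res; });
  // Constructed raw packet with text in the callback position: ignored, not executed.
  server(JSON.stringify({ type: "EVENT", data: ["join-room", "lobby", "function text"] }));
  return { wire, result };
}
```

`demo().wire` holds the two JSON strings exchanged; neither contains any function source.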
Amazing Content...💕
Just Watch @ 0.75x Playback Speed...
I have a question. So basically, when user joins, you push its username and id to usernames array, which contains all users. But what happens if user leaves and his info still stays in array? I'm doing something similar with pushing room code which is a object with few details and users inside that room eg.
"123" = {leaderId: "", isLocked: false, sockets: []}
, but when all users leave, i want to destroy that room object, but idk how to do it properly, or is it even possible, or should I change whole system for better one, since I'm still new to socketio?
What's the advantage of using express when you're also using socket?
Great content! Keep it on going :)
Thanks! Will certainly keep it going
thank you Chaim, can you please provide git source ?
hey If I would like to access socket in another page like I have multiple controller, how can we pass it to different pages?
imagine him rapping :o
Bruf he has surpassed Eminems level of speed speaking
awesome video 👍
Great video!!!
in my website i cant use @t on multiple pages.
is it valid or not i am doing ?
Can you do one with the twilio video rooms API, its easier
Can certainly take a peek into it
@@CodingWithChaim It would be great and quick in just 10min
always love your vids! would love to see you make more vids on javascript and react
Thank you! Do you have a specific topic in mind you’d like me to cover?
@@CodingWithChaim personally I would love to see a full react application using all the react features but as practical components something you would see in real life.
Would even be great as a separate course explaining the behind the good of the js side
new to programming here, but learning fast. This has been the best information so far and exactly what I've looked for! You explain everything in depth and it's really quite helpful, I'll be tuning in much more frequently from now on!
Glad you find the content helpful
Great Content! Thanks! Subscribed! :)
why you don't use rooms of socket io ? socket io has a built-in function
Very nice video. Thank you a lot
You’re very welcome
pls where is the part two
Amazing
can you please slow down a little its quite fast for me tbh. otherwise video is very helpful.
Really great, but you speak too fast, I am native Hindi speaker and thank God RUclips has this slow video speed feature 🙏🙏
Will you make any video on private chat ?
Would you mind elaborating a little more about what you mean?
@@CodingWithChaim Like there is a list of user in a chat room, but I would like to chat with a specific user. Private chat
This video covers that too
That was an awesome explanation.
Great stuff. Thanks!
You might wanna add a beat in the background...it would also make a great rap improv....
Just saying....
Thanks again ! Cheers
Simply awesome! Quite easily, the best channel on youtube.
Thank you!!
this is the first video where i need to slow down to 0.75
9:16 dude's a rap god
Great tutorial! Could you please update the github repo because the code from part 1 & 2 is not included. Best regards, evoq!
Millions subscribers on the way. Great stuff as usual. 😊
Thanks! I sure hope so 😉
I agree! Great content!
I thought my video was on 2x speed.
great video! But man, you sound like a texan auctioneer
You can beat Eminem :)
Sir, your server.js on github is empty, i wanna know how callback function works.
bro is rapping
you talk really fast, I thought I knew English 😅
im trying to make a clone (on a small scale) of discord and believe me this really helped
Could you teach us how to deploy these apps on Heroku?
Are u sure that you belong to this planet earth?
1337... My man.
You’re the first person to comment on this easter egg
Eminem?
shalom
didn't need to make its speed faster